Analysis Overview
SHA256
c5a78e1a26d1abe23e3fcf598b01f2c325fd285cf55b9b1456c74953e162ce2a
Threat Level: Known bad
The file 2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia was found to be: Known bad.
Malicious Activity Summary
Gh0strat
Gh0st RAT payload
Detects executables packed with VMProtect.
Loads dropped DLL
VMProtect packed file
Checks computer location settings
Executes dropped EXE
Enumerates connected drives
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-12 00:42
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-12 00:42
Reported
2024-05-12 00:45
Platform
win7-20240221-en
Max time kernel
148s
Max time network
157s
Command Line
Signatures
Gh0st RAT payload
Gh0strat
Detects executables packed with VMProtect.
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
VMProtect packed file
Enumerates connected drives
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 2728 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
| PID 2232 wrote to memory of 2728 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
| PID 2232 wrote to memory of 2728 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
| PID 2232 wrote to memory of 2728 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe"
C:\Users\Public\IEYunioBox\IEYunioBox.exe
"C:\Users\Public\IEYunioBox\IEYunioBox.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | aqdl6w.ph.files.1drv.com | udp |
| US | 13.107.42.12:443 | aqdl6w.ph.files.1drv.com | tcp |
| US | 8.8.8.8:53 | www.baidu.com | udp |
| US | 8.8.8.8:53 | book2.cookielive.top | udp |
| HK | 38.45.124.69:1688 | book2.cookielive.top | tcp |
| HK | 103.235.46.40:443 | www.baidu.com | tcp |
| N/A | 10.127.0.138:4820 | N/A | tcp |
| US | 8.8.8.8:53 | a.ayousb.com | udp |
| HK | 103.127.83.35:4820 | a.ayousb.com | tcp |
Files
\Users\Public\IEYunioBox\IEYunioBox.exe
C:\Users\Public\IEYunioBox\curl.ext.dll
C:\Users\Public\IEYunioBox\DumpLib.dll
\Users\Public\IEYunioBox\AssnFightNet.dll
\Users\Public\IEYunioBox\XLLuaRuntime.dll
C:\Users\Public\IEYunioBox\libcurl.dll
C:\Users\Public\IEYunioBox\LIBEAY32.dll
\Users\Public\IEYunioBox\ssleay32.dll
\Users\Public\IEYunioBox\zlib1.dll
C:\Users\Public\IEYunioBox\poqexec.log
C:\Users\Public\IEYunioBox\task.dat
C:\Users\Public\IEYunioBox\IEYunioBox.dat
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-12 00:42
Reported
2024-05-12 00:45
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Gh0st RAT payload
Gh0strat
Detects executables packed with VMProtect.
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| N/A | N/A | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
VMProtect packed file
Enumerates connected drives
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Public\IEYunioBox\IEYunioBox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1436 wrote to memory of 4184 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
| PID 1436 wrote to memory of 4184 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
| PID 1436 wrote to memory of 4184 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe | C:\Users\Public\IEYunioBox\IEYunioBox.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-12_2ecbdd1a3b33b674f621ce440f9c18d3_mafia.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Public\IEYunioBox\IEYunioBox.exe
"C:\Users\Public\IEYunioBox\IEYunioBox.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aqdl6w.ph.files.1drv.com | udp |
| US | 13.107.42.12:443 | aqdl6w.ph.files.1drv.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 12.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | book2.cookielive.top | udp |
| US | 8.8.8.8:53 | www.baidu.com | udp |
| HK | 38.45.124.69:1688 | book2.cookielive.top | tcp |
| HK | 103.235.46.40:443 | www.baidu.com | tcp |
| US | 8.8.8.8:53 | 69.124.45.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.46.235.103.in-addr.arpa | udp |
| N/A | 10.127.0.95:4820 | N/A | tcp |
| US | 8.8.8.8:53 | a.ayousb.com | udp |
| HK | 103.127.83.35:4820 | a.ayousb.com | tcp |
| US | 8.8.8.8:53 | 35.83.127.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 107.116.69.13.in-addr.arpa | udp |
Files
C:\Users\Public\IEYunioBox\IEYunioBox.exe
C:\Users\Public\IEYunioBox\curl.ext.dll
C:\Users\Public\IEYunioBox\DumpLib.dll
C:\Users\Public\IEYunioBox\AssnFightNet.dll
C:\Users\Public\IEYunioBox\XLLuaRuntime.dll
C:\Users\Public\IEYunioBox\zlib1.dll
C:\Users\Public\IEYunioBox\libeay32.dll
C:\Users\Public\IEYunioBox\ssleay32.dll
C:\Users\Public\IEYunioBox\libcurl.dll
C:\Users\Public\IEYunioBox\poqexec.log
C:\Users\Public\IEYunioBox\task.dat
C:\Users\Public\IEYunioBox\IEYunioBox.dat